Wi-Fi WPS Protocol Security

mike5757

Member
Apr 18, 2011
49
0
66
Out of pure curiosity, I'm wondering how secure the transfer of the network password and other variables from the AP to the client is when using WPS. If someone intercepted the WPS handshake, could they get this information? Is the data encrypted?
 

Mushkins

Golden Member
Feb 11, 2013
1,631
0
0
It's not anywhere close to secure.

It's a marketing gimmick for people too stupid to configure wifi on their devices themselves: push the button and it just works! There are actually quite a few major security flaws with it that can give an outside attacker easy access to your router; you should disable it wherever possible.
 

lagokc

Senior member
Mar 27, 2013
808
1
41
It's a marketing gimmick for people too stupid to configure wifi on their devices themselves, push the button and it just works

It also allows wifi printers to be cheaper to manufacture because they just need a little WPS button instead of a tiny LCD display and buttons to type in the passphrase. I suspect/hope some of those can have the wifi configured over USB though.
 

razel

Platinum Member
May 14, 2002
2,337
90
101
The vulnerability only exists after pushing the button. It's not even a vulnerability. It's just bad programming where they didn't bother to properly time out the push button. The fix is simple, but there aren't very many router companies that pushed out firmware updates.

That is the sole reason why I have retired 2 wireless routers in my family. The good news! DD-WRT compatible routers (which get updated frequently) are much easier to find and far cheaper these days.
 

CA19100

Senior member
Jun 29, 2012
634
13
76
I suspect/hope some of those can have the wifi configured over USB though.

My Brother HL-2170W has nothing but a few LEDs on the front; no display. But I just briefly connected it via ethernet to configure it and set it up to join my wireless network (including WPA2 key), and it works fine. I'm assuming USB is an option as well, but never checked.
 

mike5757

Member
Apr 18, 2011
49
0
66
I understand that WPS is vulnerable due to some major flaws. My question was more about the exchange of data between the AP and the client after the button is pushed or the PIN is entered. I couldn't find anything on the details of the protocol used for that exchange. If the vulnerable PIN method was removed from the WPS standard, how secure would it be?
 

ch33zw1z

Lifer
Nov 4, 2004
38,096
18,569
146
I suspect/hope some of those can have the wifi configured over USB though.

Indeed they do. My in-laws have a printer that set up the IP during initial setup over USB. Just my xp, doubt all of them are like this.
 

mikeymikec

Lifer
May 19, 2011
18,335
10,911
136
From what I've seen, certainly in the UK, product line-ups are being altered because some router manufacturers have withdrawn the WPS feature. Most notably the BT Home Hub no longer has WPS and the feature has been disabled with firmware updates on older versions of the hub. As BT is probably the most popular broadband provider in the UK, its decision to abandon WPS carries a lot of weight here.

In my experience, I have no idea why, but WPS rarely worked even when it was considered to be OK to use.

I understand that WPS is vulnerable due to some major flaws. My question was more about the exchange of data between the AP and the client after the button is pushed or the PIN is entered. I couldn't find anything on the details of the protocol used for that exchange. If the vulnerable PIN method was removed from the WPS standard, how secure would it be?

I don't know the specifics of its vulnerability, but even if the PIN method is removed, that requires a whole new version of the standard to be drafted, agreed to by the major manufacturers and rolled out. That takes time.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,484
391
126

mike5757

Member
Apr 18, 2011
49
0
66
24 hours of your time, a compatible laptop, and this to crack WPS
http://code.google.com/p/reaver-wps/

I actually did this the other day to an old router of mine. By my math it would've taken about 48 hours, and that was even considering my PIN starts with 0128. It was because it was only doing about one PIN every 30 seconds. I cheated and advanced the checking to just a few PINs ahead of the actual one haha.
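
The timing discussed in the posts above (one PIN every 30 seconds, roughly 24 to 48 hours) can be checked with a short model. This is an added example, not part of the thread or of any tool mentioned in it. It relies on the publicly documented WPS PIN design, in which the AP confirms digits 1-4 and digits 5-7 separately and digit 8 is a checksum; the lockout policies are constructed values, not any vendor's settings.

```python
# Added illustration; the lockout policies below are constructed, not vendor settings.

FIRST_HALF = 10**4   # digits 1-4, confirmed by the AP on their own
SECOND_HALF = 10**3  # digits 5-7; digit 8 is a checksum of the first seven
SPLIT_SPACE = FIRST_HALF + SECOND_HALF   # 11,000 guesses worst case
NAIVE_SPACE = 10**7                      # if all 7 free digits were checked together


def hours_to_try(attempts, secs_per_attempt, lock_after=None, lock_secs=0):
    """Wall-clock hours for `attempts` failed guesses under a lockout policy.

    lock_after: failed guesses allowed before the AP locks WPS (None = never)
    lock_secs:  how long each lock lasts
    """
    total = attempts * secs_per_attempt
    if lock_after:
        # A lock follows every full batch of failures; no wait is counted
        # after the final guess.
        locks = (attempts - 1) // lock_after
        total += locks * lock_secs
    return total / 3600


def exposure_table(secs_per_attempt=30):
    """(worst-case, approximate average) hours for a few constructed AP policies."""
    policies = {
        "no lockout": (None, 0),
        "3 failures -> 60 s lock": (3, 60),
        "10 failures -> 1 h lock": (10, 3600),
    }
    rows = {}
    for name, (after, secs) in policies.items():
        worst = hours_to_try(SPLIT_SPACE, secs_per_attempt, after, secs)
        avg = hours_to_try(SPLIT_SPACE // 2, secs_per_attempt, after, secs)
        rows[name] = (round(worst, 1), round(avg, 1))
    return rows


if __name__ == "__main__":
    for name, (worst, avg) in exposure_table().items():
        print(f"{name:26s} worst {worst:8.1f} h   average {avg:8.1f} h")
    naive_days = hours_to_try(NAIVE_SPACE, 30) / 24
    print(f"unsplit 7-digit space at 30 s/guess: {naive_days:.0f} days")
```

At 30 seconds per guess with no lockout, the average comes out near 46 hours, in line with the estimate in the post. A long lock after a few failures stretches that to weeks, which is why rate limiting or disabling WPS is the usual mitigation.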
 